A comprehensive tool designed to assist penetration testers and security enthusiasts in their Hack The Box (HTB) challenges. htb-helper streamlines the initial phases of a penetration test by automating common tasks such as Nmap scanning, payload generation, and error handling.
π Live Site: https://cywf.github.io/htb-helper/
- User Input Collection: Gather essential details like machine name, IP, and type with validation
- Directory Structure Setup: Organize your penetration testing assets for each machine
- Tool Installation: Ensure necessary tools like Nmap are installed and ready to use
- Nmap Scanning: Perform various levels of Nmap scans based on user preference
- Advanced Nmap Scripts: Run vulnerability-specific Nmap scripts based on the target machine type
- Payload Generation: Automatically generate multiple payloads using msfvenom for different target types
- Error Handling: Enhanced logging with timestamps, colors, and visual progress indicators
- Tmux Integration: Built-in tmux session setup for organized CTF workflow
- CTF Scripts: Collection of helper scripts for reverse shells, web fuzzing, and enumeration
- CLI Support: Both interactive and non-interactive modes with full argument support
- Configuration: YAML-based configuration file support
Clone the repository:
git clone https://github.com/cywf/htb-helper.git
cd htb-helperInstall dependencies:
pip3 install -r requirements.txtpython3 main.py# Full setup with all options
python3 cli.py -n MyBox -i 10.10.10.150 -t Linux -l 10.10.14.5
# Quick scan only
python3 cli.py -n MyBox -i 10.10.10.150 --only-scan
# Skip tool installation
python3 cli.py -n MyBox -i 10.10.10.150 --skip-tools# Create organized tmux session for your machine
./tmux_setup.sh MyMachineName
# Then run htb-helper in the main window
python3 main.pyhtb-helper/
βββ main.py # Main script (interactive mode)
βββ cli.py # CLI interface (non-interactive mode)
βββ setup.py # User input and directory setup
βββ nmap_payload_gen.py # Nmap scanning and payload generation
βββ tools.py # Tool installation functions
βββ error_handling.py # Error logging and visual feedback
βββ config.py # Configuration management
βββ tmux_setup.sh # Tmux session setup script
βββ ctf_scripts/ # CTF helper scripts
β βββ revshell_gen.py # Reverse shell payload generator
β βββ web_fuzz.sh # Web fuzzing automation
β βββ quick_enum.sh # Quick Linux enumeration
β βββ README.md # CTF scripts documentation
βββ networking/ # Networking resources and guides
βββ systems/ # OS-specific guides
β βββ linux/ # Linux privilege escalation
βββ web/ # Web vulnerability resources
Generate reverse shell payloads for 18+ languages and environments:
# Show common shells
python3 ctf_scripts/revshell_gen.py -l 10.10.14.5 -p 4444
# Show all available shells
python3 ctf_scripts/revshell_gen.py -l 10.10.14.5 -p 4444 -a
# Generate specific shell type
python3 ctf_scripts/revshell_gen.py -l 10.10.14.5 -p 4444 -s python3Automate web enumeration with gobuster, ffuf, nikto, etc.:
# Full web enumeration
./ctf_scripts/web_fuzz.sh -u http://target.com -a
# Directory fuzzing only
./ctf_scripts/web_fuzz.sh -u http://target.com --dirs -e php,html,jsRun on target after getting a shell:
bash ctf_scripts/quick_enum.shCreate a configuration file for persistent settings:
# Generate example config
python3 -c "from config import Config; Config().create_example_config()"
# Copy and customize
cp htb_helper.example.yaml htb_helper.yaml
# Edit htb_helper.yaml with your preferencesConfiguration locations (in order of precedence):
htb_helper.yaml(current directory)~/.htb_helper.yaml~/.config/htb_helper/config.yaml
Options:
-n, --name NAME Machine name
-i, --ip IP Target machine IP
-t, --type TYPE Machine type (Windows/Linux)
-l, --lhost IP Your IP for payloads (LHOST)
-p, --lport PORT Listening port (default: 4444)
-H, --handle HANDLE Your username/handle
--skip-tools Skip tool installation
--skip-scan Skip nmap scanning
--skip-payloads Skip payload generation
--only-scan Only run nmap scans
--only-payloads Only generate payloads
-I, --interactive Force interactive mode
The tmux setup creates an organized workspace with multiple windows:
- Window 0 (main): Main HTB Helper interface
- Window 1 (nmap): Network scanning
- Window 2 (web): Web enumeration (3 panes)
- Window 3 (shells): Shells and listeners
- Window 4 (exploit): Exploitation work
- Window 5 (notes): Documentation (2 panes)
- Window 6 (privesc): Privilege escalation
- Window 7 (monitor): Monitoring and logs
Navigate with Ctrl+b followed by window number (0-7).
- Python 3.x (3.7+)
- Nmap
- Msfvenom (from Metasploit Framework)
- Git
Optional tools for enhanced functionality:
- tmux
- gobuster / ffuf
- nikto
- subfinder / assetfinder
# 1. Create tmux session
./tmux_setup.sh MyBox
# 2. Run HTB Helper (in tmux window 0)
python3 cli.py -n MyBox -i 10.10.10.150 -l 10.10.14.5
# 3. Start listener (in tmux window 3)
nc -lvnp 4444
# 4. Run web enumeration (in tmux window 2)
./ctf_scripts/web_fuzz.sh -u http://10.10.10.150 -a
# 5. Generate reverse shells as needed
python3 ctf_scripts/revshell_gen.py -l 10.10.14.5 -p 4444 -s bash-tcp# Complete setup in one command
python3 cli.py \
-n AutoBox \
-i 10.10.10.200 \
-t Linux \
-l 10.10.14.5 \
-p 4444 \
-H myhandle
# Results will be in htb/AutoBox/The HTB Helper project includes a comprehensive multi-page website built with Astro, React, TailwindCSS, and daisyUI.
- π Interactive Documentation: Browse all project documentation with syntax highlighting
- π§ Scripts Explorer: Searchable catalog of CTF scripts with filters and copy-to-clipboard functionality
- π Statistics Dashboard: Real-time repository statistics with interactive charts
- π¬ Discussions: Latest community discussions and conversations
- π Development Board: Kanban-style view of project tasks and issues
- π¨ Mermaid Visualizer: Interactive diagram viewer for project architecture
- π Theme Switcher: 7 dark/neon themes with localStorage persistence
The website is automatically built and deployed via GitHub Actions on every push to main:
-
Data Snapshot Scripts (
site/scripts/):fetch_repo_data.ts- Fetches repository statistics (stars, forks, languages, commits)fetch_discussions.ts- Retrieves latest 25 discussionsfetch_projects.ts- Fetches project board items (falls back to issues)index_scripts.ts- Scansctf_scripts/,systems/,networking/, andweb/to extract script metadata
-
Build Process:
- Scripts generate JSON files in
site/public/data/ - Astro builds static pages consuming these JSON snapshots
- All assets are optimized with base path
/htb-helper
- Scripts generate JSON files in
-
Deployment:
- GitHub Pages serves the static site
- Lighthouse CI validates performance, accessibility, and SEO
New scripts are automatically discovered by the CI pipeline:
- Add your script to
ctf_scripts/,systems/,networking/, orweb/ - Include a description comment at the top of the file
- Commit and push - the site will update automatically!
Example:
#!/usr/bin/env python3
"""
My Awesome Script - Brief description here
"""
# Your code...To run the site locally:
cd site
npm install
npm run fetch-data # Fetch latest data (requires GITHUB_TOKEN for full data)
npm run dev # Start dev server at http://localhost:4321Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
The HTB-Helper tool is licensed under the MIT, because we believe in open-source software and the free dissemination of knowledge.